# mark is new in 3.4.4
# source (= subnet) = Set of hosts that you wish to masquerade.
# address = If  you  specify  an  address here, SNAT will be used and this will be the source address.
define shorewall::masq(
  $interface,
  $source,
  $address = '-',
  $proto   = '-',
  $port    = '-',
  $ipsec   = '-',
  $mark    = '-',
  $order   = '100',
){
  shorewall::entry{"masq-${order}-${name}":
    line => "# ${name}\n${interface} ${source} ${address} ${proto} ${port} ${ipsec} ${mark}"
  }
}